lyse lyse.isobeef.org
Following
0
Followers
0

Recent twts from lyse

In-reply-to > The Wageningen University & Research houses a collection of almost 1200 drawings of the root systems of trees, grasses, crops, shrubs, weeds, flowers, and other plants. These drawings were done of plants in Europe, mostly in Austria, over a period of 40 years and are a wonderful combination of scientifically valuable and aesthetically pleasing.

@david@netbros.com These are very lovely indeed. Reminds me of biology class in fifth grade or something around that era. We looked at all kind of different things with microscopes. Pretty nice.


#exwejxq
In-reply-to > "Every time the beautiful Regina rejects his advances, James pushes a red button and tries again, all the while unaware of the reality and consequences of his actions." On YouTube "One-Minute Time Machine". It is fun to watch, and only a bit over 5 minutes to lose, if you think it was a waste.

@david@netbros.com Hahahaha, this is brilliant! “Oh the bright side, you’re the first successful multiple suicide.” Laughing my ass off! :‘-D


#sqr3plq
In-reply-to > Ready for clone https://github.com/sorenpeter/pixelblog

@darch@twtxt.net I just sent you a merge request that fixes the typos I spotted.

Now to one very severe security flaw, the filesystem traversal attack. You must never ever trust user input. Never. Ever. Not in a hundred years. Or the devil himself will kidnap your kids, your wive and yourself to steal their souls, rape and then painfully kill all of them.

Back to the user input. This also goes for the filename of the submitted file upload. You either have to sanitize it or even better, just generate a new one, you know is safe. Currently you just use the user’s filename, replace spaces with hyphens, convert it to lowercase and prepend the date. So basically, doing nothing in terms of sanitizing. But if the filename contains slashes, you’re basically fucked. Imagine a user-supplied filename of ../../../../../etc/passwd or something similar. It will then override system data or any of your scripts or whatever, if the user running the PHP script has sufficient permissions. Which it often has to at least override your own PHP scripts. So you should at least extract the submitted filename’s basename at the very bare minimum. That would result in passwd on the example above. Maybe there are even more PHP-specific things to keep in mind, I don’t know.

Okay, granted you check for the existence of the final file and abort, but it still would be possible to sneak files into places, where they truely do not belong. Like optional configuration files an application would read if present but ignore if missing.

Also checking the file extension to determine whether a file is of a certain type doesn’t really work. You can just lie about the extension.

I’m heading to bed now. Happy fixing my friend! :-)


#crskcmq
In-reply-to > Ready for clone https://github.com/sorenpeter/pixelblog

@darch@twtxt.net Yiha! I just explored the code online a little bit. The very first thing that came to mind is that you probably want to maintain a .gitignore in your repo and at least add this silly .DS_Store to it, it’s of no use. Since git only tracks files and not directories some of the folders would be empty. So they do not exist after cloning the repository. There are two commonly used approaches:

1.) The software just creates the directories, if they’re not present. In my opinion that’s the best solution in 99% of the time.
2.) Add and commit an empty file, often named .gitkeep or something similar.

Also temporary editor files are very good candidates to exclude from git. They of course depend on your favorite editor, I always add *.sw? for Vim swap files and also *~ for good measure. Some editors I used in the past just append a tilde to their temp files, so it’s an old habit. Of course, there are plenty of different suffixes, extensions and what not. I tell people to just start out with those the original author uses.

Other than some typos in the README and comments I haven’t tried this out. A few years back I made the resolution to never execute PHP code again if I can help it. 8-)


#gs7l5qq
In-reply-to > We made use of the beautiful sunshine before it will get dull again the next days. After calling it a day at 15:00 my mate and I headed about two and a half hours in the bush. The boiling sun made the 4°C feel quite alright. No wind in the forest, so quite bearable conditions. Four more photos from that trip.

@fastidious@arrakis.netbros.com @ionores@twtxt.net @jlj@twt.nfld.uk Thank you guys! It’s a pond or small catchment. This concrete thing in the middle is an escape where the water can flow out and form a little creek. The whole field was full of ravens, like about 100 I reckon, and in the middle strutted a gray heron. But that photo turned out too dark to use. The colors today just made it looking like autumn, also with all the leaves still on the ground. Although we’re in the middle of winter of course.


#jfa7xiq
In-reply-to > Friday's hike in the gray soup. https://lyse.isobeef.org/waldspaziergang-2022-01-21/ Note that somebody gave the woman a necklace.

Well, @prologic@twtxt.net, this statue reminds movq of his old German teacher back in school, who forced him to read shitty books. Of course he didn’t want to, because, well, they were shitty, so he also didn’t do his homework. Instead, he played computer games and disassembled walkmen and portable radios to learn about electronics, which he was much more into. Then, in the next lession the following day the German teacher always gave him lines when he couldn’t show his homework. Since she was also his arts teacher, her favorite and infamous thing was to make her disgraced pupils trace and color portraits of her. One such day movq decided, to let his computer do the extra exercise for him, so he wrote a crude program in BASIC to copy the template photo on his needle printer. To debug the code, he obviously had to look carefully at the photo and study all the details. The rest is history, that’s why he always cringes when he sees his old German and arts teacher sitting on this bench at my mountain. You can’t blame him for that.


#zf6pjna
In-reply-to > Today I called it a day earlier and enjoyed the 5°C hot sunshine. You will probably notice by now with ease, I went up my backyard mountain again and enjoyed the sunset. The scenery was dimmed by three women who loadly yelled all the time, quite annoying. I had to take the sneaky backpath detour, because the tree service had closed off the main one due to felling activities of dead and sick ashes. Some sections were one thick sheet of slippery ice. But I made it safely. The flag disintegrates even further. The more it is ripped apart, the higher the windage is, resulting in a nice death spiral. But this silly, flapping fabric doesn't affect the moods over here as you can see by the two snowmen somebody had built. https://lyse.isobeef.org/waldspaziergang-2022-01-24/

@prologic@twtxt.net Thanks. Of course not, absolutely go for it! :-) You’re all always welcome to do with them what ever you want to.


#l6vlviq